When cyber-crime met big business


What are a cybercriminal’s real objectives and strategies? Is the cybercriminal really still a solitary, tech-savvy hacker? Cybercrime has morphed into a much more aggressive and powerful business.

The cybercriminal is now running an efficient operation, complete with a defined business model and strategy. To persist in thinking of the typical cybercriminal as a solitary, tech-savvy hacker, operating from home and pursuing ideological or anarchistic objectives, is to diminish how much of a threat they pose. If a cybercriminal does not have the tools and skills at hand, they will purchase them from the market on the dark web. To understand an opponent’s motivation is to understand how best to defend ourselves.

The healthcare sector is most definitely at risk from this sort of attacker. The prime target in the healthcare sector is the rich data it holds. Medical records are hugely valuable, providing the cybercriminal with all the information required for classic identity theft. Such records are traded on the grey market at prices far greater than those for stolen credit card details, for example.

In addition, another attractive target in the healthcare sector is its IT systems. An attack on them could cripple an organisation’s ability to take appointments and to track and treat patients. Another avenue might be threatening to embarrass high-profile individuals by releasing extremely personal medical records.

What action should we be taking? This article discusses the basics of Cyber Essentials, staff education, and planning for and simulating the cyber-attacks that could cause the most harm. It provides advice on how to stop thinking solely about technical defences and to start thinking in terms of strategy. To determine what the most dangerous cyber threat to your organisation is, we must consider what that rival criminal businessman will most want from your business.